TencentCloud / CubeSandbox
- четверг, 2 июля 2026 г. в 00:00:04
Instant, Concurrent, Secure & Lightweight Sandbox for AI Agents.
Instant, Concurrent, Secure & Lightweight Sandbox Service for AI Agents
中文文档 · Quick Start · Documentation · Changelog · X(Twitter)
Cube Sandbox is a high-performance, out-of-the-box secure sandbox service built on RustVMM and KVM. It supports both single-node deployment and easy scaling to multi-node clusters. It is compatible with the E2B SDK and can create a hardware-isolated, fully serviceable sandbox in under 60ms with less than 5MB of memory overhead.
|
|
v0.4: Safer egress, easier ops Credential vault — Agents call external APIs as usual; keys never enter the sandbox. Dashboard — version matrix and template health checks; see at a glance whether templates need rebuilding after upgrades. Changelog → · Security proxy guide → · WebUI guide → |
|
|
Snapshot, Clone & Rollback at hundred-millisecond granularity CubeSandbox 0.3.0 introduces the CubeCoW Copy-on-Write snapshot engine, enabling event-level snapshots, instant cloning, and rollback to any saved state. Changelog → |
|
|
🎉 Initial open-source release Cube Sandbox is now open source! Millisecond boot, hardware-level isolation, E2B-compatible sandbox for AI Agents. Changelog → |
|
⚡ Sub-60ms boot · High density Average <60ms cold start, <5MB overhead per instance — run thousands of Agents on one node Quick start → |
🔒 Hardware-level isolation Each sandbox gets its own Guest OS kernel — no Docker shared-kernel escapes; run untrusted LLM-generated code safely Architecture → |
🔌 Seamless E2B migration Native E2B SDK compatibility — swap one URL env var, zero business code changes Examples → |
|
🖥️ Web console Manage sandboxes, templates, nodes, and version matrix in the browser — open :12088 right after installWebUI guide → |
🔐 Credential vault Agents call LLMs and external APIs as usual — keys never enter the sandbox, model context, or logs Security proxy guide → |
🛡️ Egress control Domain allowlists, instant block on unauthorized egress, full audit logs for compliance Security proxy guide → |
|
📸 Snapshot · Clone · Rollback Hundred-millisecond checkpoints on running sandboxes — roll back or fork from any saved state v0.3 changelog → |
📦 Template system Turn OCI images into templates in one step, install official presets from the Template Store, auto-distribute across nodes Templates guide → |
🤖 AgentHub digital assistants Spin up OpenClaw assistants in one click — snapshots, rollback, and assistant template publishing Digital assistant → |
1.cubesandbox.-.mp4 |
2.cubesandbox.demo.mp4 |
Cube-Sandbox.RL.demo.mp4 |
5.cube.V0.3.0.-.-.mp4 |
| Installation & Demo | Performance Test | RL (SWE-Bench) | Snapshot · Clone · Rollback |
In the context of AI Agent code execution, CubeSandbox achieves the perfect balance of security and performance:
| Metric | Docker Container | Traditional VM | CubeSandbox |
|---|---|---|---|
| Isolation Level | Low (Shared Kernel Namespaces) | High (Dedicated Kernel) | Extreme (Dedicated Kernel + eBPF) |
| Boot Speed *Full-OS boot duration |
200ms | Seconds | Sub-millisecond (<60ms) |
| Memory Overhead | Low (Shared Kernel) | High (Full OS) | Ultra-low (Aggressively stripped, <5MB) |
| Deployment Density | High | Low | Extreme (Thousands per node) |
| E2B SDK Compatible | / | / | ✅ Drop-in |
For detailed metrics on startup latency and resource overhead, see the Core Operations Performance Benchmark Report (bare metal) and the PVM Cloud Server Benchmark Report.
⚡ Millisecond-level startup — watch the fast-start flow above.
Cube Sandbox requires an x86_64 Linux environment with KVM support.
The guide walks you through everything in four steps — provisioning a server, installing Cube Sandbox, creating a sandbox template, and running your first agent code. No source build needed, up and running in minutes.
Choose your deployment path:
|
🖥 PVM · Cloud VM →
🏆 Recommended |
🏗 Bare Metal → |
💻 Dev-Env →
|
🖥️ Visual management — from overview to creating a sandbox and streaming logs, all in your browser.
After one-click deployment, open in your browser:
http://<control-node IP>:12088
Recommended three steps:
READY template under TemplatesREADY template, and view live logs on the detail page within secondsSee the full WebUI console guide.
:12088)| Component | Responsibility |
|---|---|
| CubeAPI | High-concurrency REST API Gateway (Rust), compatible with E2B. Swap the URL for seamless migration. |
| CubeMaster | Cluster orchestrator. Receives API requests and dispatches them to corresponding Cubelets. Manages resource scheduling and cluster state. |
| CubeProxy | Reverse proxy, compatible with the E2B protocol, routing requests to the appropriate sandbox instances. |
| Cubelet | Compute node local scheduling component. Manages the complete lifecycle of all sandbox instances on the node. |
| CubeVS | eBPF-based virtual switch, providing kernel-level network isolation and security policy enforcement. |
| CubeEgress | OpenResty-based egress security gateway: L7 domain filtering, credential injection, and access auditing; works with CubeVS kernel policies so sandbox traffic cannot bypass inspection. |
| CubeHypervisor & CubeShim | Virtualization layer — CubeHypervisor manages KVM MicroVMs, CubeShim implements the containerd Shim v2 API to integrate sandboxes into the container runtime. |
👉 For more details, please read the Architecture Design Document and CubeVS Network Model.
We welcome contributions of all kinds—whether it's a bug report, feature suggestion, documentation improvement, or code submission!
CubeSandbox is released under the Apache License 2.0.
The birth of CubeSandbox stands on the shoulders of open-source giants. Special thanks to Cloud Hypervisor, Kata Containers, virtiofsd, containerd-shim-rs, ttrpc-rust, and others. We have made tailored modifications to some components to fit the CubeSandbox execution model, and the original in-file copyright notices are preserved.
Cube Sandbox is listed in the CNCF Landscape.